nv-tegra.nvidia Code Review - linux-3.10.git/commit

author	Herbert Xu <herbert@gondor.apana.org.au>
	Tue, 22 Apr 2008 07:46:42 +0000 (00:46 -0700)
committer	David S. Miller <davem@davemloft.net>
	Tue, 22 Apr 2008 07:46:42 +0000 (00:46 -0700)
commit	c5d18e984a313adf5a1a4ae69e0b1d93cf410229
tree	2922514a388759b999757eec49b7a5bd9f290e3c	tree \| snapshot
parent	7c3f944e29c02d71e13442e977cf4cec19c39e98	commit \| diff

[IPSEC]: Fix catch-22 with algorithm IDs above 31

As it stands it's impossible to use any authentication algorithms
with an ID above 31 portably. It just happens to work on x86 but
fails miserably on ppc64.

The reason is that we're using a bit mask to check the algorithm
ID but the mask is only 32 bits wide.

After looking at how this is used in the field, I have concluded
that in the long term we should phase out state matching by IDs
because this is made superfluous by the reqid feature. For current
applications, the best solution IMHO is to allow all algorithms when
the bit masks are all ~0.

The following patch does exactly that.

This bug was identified by IBM when testing on the ppc64 platform
using the NULL authentication algorithm which has an ID of 251.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/xfrm.h		diff \| blob \| history
net/key/af_key.c		diff \| blob \| history
net/xfrm/xfrm_policy.c		diff \| blob \| history
net/xfrm/xfrm_user.c		diff \| blob \| history